Quote prepared statements of `sanitize_sql_array`
Sure, unquoted SQL code passes the tests, but these %-style prepared statements are dangerous. The test code and code examples are also "Rails" code, so quote the placeholders of prepared statements.
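The difference the commit message describes, as an added example that is not part of the commit or of Rails itself. It assumes the %-style branch of `sanitize_sql_array` escapes each value with `quote_string` (escaping quote characters, adding no surrounding quotes) and then formats it into the statement; `quote_string` and `sanitize_percent_style` below are simplified stand-ins, and `unquoted_placeholders` is a hypothetical review helper.

```ruby
# Stand-in for connection.quote_string (assumption: escapes backslashes and
# single quotes only; it does NOT wrap the value in quotes).
def quote_string(value)
  value.to_s.gsub("\\") { "\\\\" }.gsub("'", "''")
end

# Stand-in for the %-style branch of sanitize_sql_array (assumption).
def sanitize_percent_style(ary)
  statement, *values = ary
  statement % values.map { |v| quote_string(v) }
end

# Hypothetical review helper: offsets of every %s that sits outside a
# single-quoted SQL literal, i.e. placeholders the escaping cannot protect.
def unquoted_placeholders(statement)
  in_literal = false
  offsets = []
  i = 0
  while i < statement.length
    if statement[i] == "'"
      in_literal = !in_literal
    elsif statement[i, 2] == "%%"
      i += 1 # escaped percent sign, not a placeholder
    elsif statement[i, 2] == "%s" && !in_literal
      offsets << i
    end
    i += 1
  end
  offsets
end

# Constructed sample input: contains no quote characters, so escaping
# leaves it untouched.
SAMPLE = "0 OR 1=1"

UNQUOTED = sanitize_percent_style(["id=%s", SAMPLE])
QUOTED   = sanitize_percent_style(["id='%s'", SAMPLE])

puts UNQUOTED # value is parsed as SQL syntax
puts QUOTED   # value stays inside one string literal
puts unquoted_placeholders("name=%s AND group_id='%s'").inspect
```

With the quoted placeholder, a value that does contain a quote is doubled by the escaping step and cannot close the literal; without the quotes there is no literal to stay inside.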